Information disclosure in Cisco Hosted_collaboration_solution

CVE-2015-6352

Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests…

Vulnerability class: Information Disclosure

EPSS: 0.003 (52.0th percentile) — read the EPSS interpretation.

Affected products

Cisco Hosted_collaboration_solution — versions 10.6_base
Cisco Unified_communications_domain_manager — versions 10.6_base
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

1034022 (vdb-entry, x_refsource_SECTRACK)
20151028 Cisco Unified Communications Domain Manager URI Enumeration Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
77341 (vdb-entry, x_refsource_BID)